New Features, Enhancements, and Changes

>Release: 8.5  

NOTE   If you are upgrading from a version of Sentinel LDK that is earlier than 8.4, be sure to review the release notes for all intervening versions. Significant enhancements and changes are introduced in each version of Sentinel LDK. You can download a .zip file that contains all Sentinel LDK release notes.

Release: 8.5  

>New Sentinel LDK Cloud Portal

>Simplified Installation of an Identity String on End Users' Machines for Cloud Licensing

>Enhancements to Sentinel LDK Envelope

>Protected Applications in Linux Docker Containers on a Windows Host

>Change to Label in Sentinel LDK-EMS for Clone Protection

>Java and .NET Licensing APIs Can Now Reserve and Release Executions

>Customized RTE Installer Supports Installing External Unlocked Licenses

>Vendors Can Now Include Their Logo in Sentinel LDK-EMS Email Templates

>Dynamic Memory File Size for SL Keys Is Now the Same as HL Keys

>Sentinel Admin Control Center Help is Now Available Online

>Dropping Support for HASP HL 1.x API and HASP4 API

New Sentinel LDK Cloud Portal

This release of Sentinel LDK introduces the Sentinel LDK Cloud Portal.

Sentinel LDK Cloud Portal is a web-based application for software vendors who want to host cloud licenses (CL keys) on their own servers. Sentinel LDK Cloud Portal transfers the management of client identities from Sentinel Admin Control Center to a new, streamlined web-based application. Sentinel LDK Cloud Portal simplifies setting up and distributing client identities to licensed users located anywhere, granting them access to the protected applications running on their own machines.

Each client identity can be granted a license to all products in specific CL keys, or the license can be limited to specific products in the CL key.

Sentinel LDK Cloud Portal enables the software vendor to optionally offload the responsibility of managing client identities to designated users in each customer’s organization. The designated users can log in to Sentinel LDK Cloud Portal to easily generate and deliver client identities, set and modify licensed user permissions, and revoke or restore access. Alternatively, software vendors can continue to manage client identities themselves on behalf of customer organizations or for direct individual customers.

For more information, see:

>Sentinel LDK Installation Guide

>Sentinel LDK Software Protection and Licensing Guide

>Sentinel LDK Cloud Portal Guide for Vendors

>Sentinel LDK Cloud Portal Guide for Customers

Simplified Installation of an Identity String on End Users' Machines for Cloud Licensing

The Sentinel LDK Run-time Environment now supports simplified installation of an identity string on an end user's machine. For vendors who are using Sentinel Admin Control Center to manage client identities, this makes implementation of cloud licensing faster and easier. (This feature is also utilized by Sentinel LDK Cloud Portal.) Using Sentinel Admin Control Center on the cloud license server machine, you can generate a custom URL for each client identity. The URL should be provided to the relevant person or entity. When the recipient accesses the URL on their machine, the required identity string is automatically installed.

Enhancements to Sentinel LDK Envelope

Sentinel LDK Envelope now supports the following functionality:

>Key Disabling

The following enhancements to key disabling have been implemented:

Key disabling for the Windows V3 engine

When protecting an application with the Windows V3 engine, you can now select the Disable keys for attempted tampering protection parameter. This instructs the Envelope run-time to disable the license for a protected application when attempted tampering is detected.

Key disabling for CL keys

Previously, key disabling was only supported for HL keys. Now, applications protected using Sentinel LDK Envelope (Default, V3 or .NET engine) and licensed using a CL key can also be configured to disable the key when tampering is detected at runtime. To support this functionality for CL keys, Sentinel LDK Run-time Environment 8.51 or later is required on the user's machine.

>Import protection

The Window V3 engine now enables you to protect the import of an application or DLL for your application. This helps to prevent reconstruction of the protected executable from a memory dump. This option is controlled by the IMPORT_PROTECTION_V3 parameter on the Advanced tab of the Settings page for the Windows V3 engine. This option is enabled by default.

>Data file protection

The following enhancements to data file protection have been implemented:

Windows applications protected with the Envelope V3 engine can now work with data files that are protected with Version 2 data file protection.

For all Envelope engines that support data file protection, the Advanced Data File Protection module is no longer required in your Sentinel LDK Master license. This feature is free to use for all Sentinel LDK users. Any references in the documentation to the requirement for the Advanced Data File Protection module can be ignored.

>.NET Applications Protected With AppOnChip Are Now Supported by the Performance Profiler

Sentinel LDK Envelope can now insert performance counters in a .NET application and add the counter values and locations into a profiler log.

Envelope processes this information to understand how frequently and in what timespan specific methods or code gadgets are executed. Envelope uses the results of this process to recommend which functions should be disabled for protection using AppOnChip to avoid any significant performance impact.

Protected Applications in Linux Docker Containers on a Windows Host

Thales has tested the scenario in which a protected application runs in a Docker Linux container on either a Linux or Windows host. The Run-time Environment and SL or CL key can reside outside of the Docker container on the host machine or a remote machine.

Change to Label in Sentinel LDK-EMS for Clone Protection

When you create a product in Sentinel LDK-EMS and choose a clone protection scheme from the list, the Disable option has been renamed to No Clone Protection. This label was changed to prevent misunderstandings regarding the intention of the Disable label. (The related Sentinel LDK-EMS web service still uses the Disable label.)

Java and .NET Licensing APIs Can Now Reserve and Release Executions

The functionality of reserving and releasing executions for Features that are licensed with the Execution Count license type was previously only available when using C-language function calls.

This functionality has now been extended to the Java and .NET Licensing API.

This functionality is only available with SL keys. For the Java and .NET Licensing API, the function requires Run-time Environment 8.51 or later.

Customized RTE Installer Supports Installing External Unlocked Licenses

The customized RTE installers generated by the Sentinel Master Wizard now supports installing external unlocked licenses together with installation of the customized RTE. This replaces the functionality that was removed from Sentinel LDK-EMS 8.4.

Vendors Can Now Include Their Logo in Sentinel LDK-EMS Email Templates

Vendors can now customize emails sent by Sentinel LDK-EMS by including their logo in the email template.

Dynamic Memory File Size for SL Keys Is Now the Same as HL Keys

The size of a new dynamic memory file for an SL key is limited to 65 K. This is the same as the maximum size of a dynamic memory file for an HL key.

Sentinel Admin Control Center Help is Now Available Online

You can now access the help for the latest version of Sentinel Admin Control Center from the Sentinel LDK documentation site.

You can search for specific topics in the help using either the integrated search facility or using Google.

Dropping Support for HASP HL 1.x API and HASP4 API

HASP HL 1.x API and HASP4 API are no longer supported with RTE 8.41 or later.

If your application requires either of these APIs, then to resolve this issue, do either of the following:

>Rebuild the protected application with the latest Sentinel Licensing API.

>On the end user's machine, first install RTE 8.31, and then upgrade to the latest RTE.